* Previous commit

lib/controllers/controllers_admin.go

@@ -1,8 +1,12 @@
 package controllers
 
 import (
+	"crypto/sha512"
+	"encoding/hex"
 	"fmt"
+	"net/http"
 
+	"github.com/JustKato/FreePad/lib/helper"
 	"github.com/gin-gonic/gin"
 )
 
@@ -14,6 +18,45 @@ func AdminMiddleware(router *gin.RouterGroup) {
 		// Check which route we are accessing
 		fmt.Println(`Accesing: `, ctx.Request.RequestURI)
 
+		// Check if the request is other than the login request
+		if ctx.Request.RequestURI != "/admin/login" {
+			// Check if the user is logged-in
+
+			fmt.Println(`Checking if admin`)
+
+			if !IsAdmin(ctx) {
+				// Not an admin, redirect to homepage
+				ctx.Redirect(http.StatusTemporaryRedirect, "/")
+				ctx.Abort()
+
+				fmt.Println(`Not an admin!`)
+				return
+			}
+
+		}
+
 	})
 
 }
+
+func IsAdmin(ctx *gin.Context) bool {
+	adminToken, err := ctx.Cookie("admin_token")
+	if err != nil {
+		return false
+	}
+
+	// Encode the real token
+	sha512Hasher := sha512.New()
+	sha512Hasher.Write([]byte(helper.GetAdminToken()))
+	hashHexToken := sha512Hasher.Sum(nil)
+	trueToken := hex.EncodeToString(hashHexToken)
+
+	// Check if the user's admin token matches the token
+	if adminToken != "" && adminToken == trueToken {
+		// Yep, it's the admin!
+		return true
+	}
+
+	// Definitely not an admin
+	return false
+}